IT security calls for collaboration

The federal government needs to 'develop a balanced approach to critical infrastructure security,' DOD's Robert Gaynor says.

Federal IT security issues haven't changed since Sept. 11, but they have taken on new significance, federal managers said recently.

Speaking at a conference held by the Potomac Forum, one official said personnel problems remain the main challenge to federal security efforts.

'One of the issues in the government is that we don't have enough trained security folks,' said Sallie McDonald, assistant commissioner of the General Services Administration's Federal Technology Service.

'If you don't have that capability, you need to contract that out,' she said. 'I personally believe computer security is a people problem more than a technology problem.'

The effort to boost collaboration, especially among law enforcement authorities, is not exactly new.

Angelo Fiumara Jr., deputy director of the Regional Information Sharing System, an intelligence network run by the Justice Department's Bureau of Justice Assistance, said the roots of RISS were established in 1974. Police in the South set up the system to exchange information among agencies via computer, Fiumara said.

Since then, RISS has grown to more than 6,000 nodes in federal and state law enforcement agencies as well as New Scotland Yard in London and Canadian and Australian police.

Watch connections

Jeffrey Gaynor, special assistant for homeland security at the Defense Department, said security efforts must take into account the interconnection of various pieces of the nation's critical infrastructures, such as the dependence of information networks on electric power.

'We want to develop a balanced approach to critical infrastructure security,' he said.

To defend the critical infrastructures against attack, Gaynor said, security officials must view them as terrorists do.'The people who wish to do us harm are thinking as attackers,' Gaynor said. 'We need to get on their wavelength.'

As security threats have increased, many agencies have pitched in to help. The Commerce Department's National Institute of Standards and Technology will triple its production of computer security publications from the Computer Security Resource Center.

'In terms of giving guidance, we want to provide a foundation of management processes for CIOs to embrace,' said Tim Grance, a NIST computer security specialist.